/**
 * Project: springyounger.lottery.web
 * 
 * File Created at 2010-3-23
 * $Id$
 * 
 * Copyright 2009 Zjut Croporation Limited.
 * All rights reserved.
 *
 * This software is the confidential and proprietary information of
 * Zjut Edu. ("Confidential Information").  You shall not
 * disclose such Confidential Information and shall use it only in
 * accordance with the terms of the license agreement you entered into
 * with Zjut Edu.
 */
package com.springyouner.lottery.tools;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.springyouner.lottery.framework.UserSession;
import com.springyounger.lottery.dal.dataobject.User;

/**
 * 管理员过滤器
 * 
 * @author springyounger
 */
public class AdminFilter implements Filter {

    FilterConfig config;

    public void init(FilterConfig filterConfig) throws ServletException {
        config = filterConfig;
    }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;
        HttpSession session = req.getSession();
        UserSession useSession = (UserSession) session.getAttribute("userSession");

        //String path = req.getContextPath();
        try {
            //判断是否为管理员
            if (null == useSession
                    || User.PRIVILEGE_ADMIN != (Integer.parseInt(useSession.getUser().getRoleid()))) {
//                res.setCharacterEncoding("UTF-8");
//                res.setContentType("text/html; charset=UTF-8");
//                res.getWriter().println(
//                        "<script>alert('对不起，您没有访问的权限');top.location.href='" + path
//                                + "/index.do';</script>");
                res.sendRedirect("/lottery/index.do");
            } else {
                chain.doFilter(req, res);
            }

        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    public void destroy() {
        // TODO Auto-generated method stub

    }
}
